Bug 2031688 - hostpath-provisioner-operator deployment is referencing upstream images
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.10.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: 4.10.0
Assignee: Alexander Wels
QA Contact: Kevin Alon Goldblatt
URL:
Whiteboard:
Duplicates: 2032050
Depends On:
Blocks:
Reported: 2021-12-13 08:56 UTC by Simone Tiraboschi
Modified: 2022-03-16 15:57 UTC

Fixed In Version: hco-bundle-registry-container-v4.10.0-623
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-16 15:57:31 UTC
Target Upstream Version:
Embargoed:



Description Simone Tiraboschi 2021-12-13 08:56:27 UTC
Description of problem:

In the deployment of hostpath-provisioner-operator we see:
                - name: OPERATOR_NAME
                  value: hostpath-provisioner-operator
                - name: OPERATOR_IMAGE
                  value: quay.io/kubevirt/hostpath-provisioner-operator:latest
                - name: PROVISIONER_IMAGE
                  value: quay.io/kubevirt/hostpath-provisioner:latest
                - name: CSI_PROVISIONER_IMAGE
                  value: quay.io/kubevirt/hostpath-csi-driver:latest
                - name: NODE_DRIVER_REG_IMAGE
                  value: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0
                - name: LIVENESS_PROBE_IMAGE
                  value: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0
                - name: CSI_SNAPSHOT_IMAGE
                  value: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.1
                - name: CSI_SIG_STORAGE_PROVISIONER_IMAGE
                  value: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1



Version-Release number of selected component (if applicable):
hco-bundle-registry-container-v4.10.0-463

How reproducible:
100%

Steps to Reproduce:
1. deploy CNV
2. check the env variables for hostpath-provisioner-operator

Actual results:
We see a list of upstream images referenced by tags.

Expected results:
We should reference only downstream images, and only by digest (to support the disconnected scenario via ICSP).

Additional info:
This should be considered as a release blocker
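
An added example (not part of the original bug report and not code from the hostpath-provisioner-operator project): a small Python check for the expected result stated above, flagging `*_IMAGE` env values that come from a non-downstream registry or are not pinned by a sha256 digest. The allowlist `ALLOWED_REGISTRIES`, the function names and the trimmed `BEFORE`/`AFTER` samples (values copied from this bug) are assumptions made for illustration.

```python
import re

# Assumption: only this registry counts as "downstream" (it is the one used in the fixed CSV).
ALLOWED_REGISTRIES = {"registry.redhat.io"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
# Matches "- name: FOO_IMAGE / value: ref" pairs; other env variables are ignored.
ENV_RE = re.compile(r"-\s*name:\s*(\w+_IMAGE)\s+value:\s*(\S+)")

def parse_image_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first path component is a registry only if it looks like a host (dot, port, localhost).
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, None
    return registry, repo, tag, (digest or None)

def audit_env(fragment):
    """Return {env_name: [problems]} for every *_IMAGE variable that violates the policy."""
    findings = {}
    for name, value in ENV_RE.findall(fragment):
        registry, _repo, tag, digest = parse_image_ref(value)
        problems = []
        if registry not in ALLOWED_REGISTRIES:
            problems.append(f"upstream registry {registry}")
        if digest is None:
            problems.append(f"floating reference (tag {tag or 'latest'})")
        elif not DIGEST_RE.match(digest):
            problems.append("malformed digest")
        if problems:
            findings[name] = problems
    return findings

# Constructed samples: a few env entries as reported in this bug, before and after the fix.
BEFORE = """- name: OPERATOR_NAME
  value: hostpath-provisioner-operator
- name: OPERATOR_IMAGE
  value: quay.io/kubevirt/hostpath-provisioner-operator:latest
- name: LIVENESS_PROBE_IMAGE
  value: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0"""
AFTER = """- name: OPERATOR_IMAGE
  value: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:7a1d1c8818393e0425c63c77da6c5221c28369e1e55a4c42d2830aac53c12125"""

if __name__ == "__main__":
    print(audit_env(BEFORE), audit_env(AFTER))
```
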

Comment 1 Yan Du 2021-12-16 06:22:43 UTC
*** Bug 2032050 has been marked as a duplicate of this bug. ***

Comment 2 Alexander Wels 2021-12-20 19:41:24 UTC
The source of the problem is the csv-generator provided by the hpp operator release. It takes arguments for each of the images, and it will replace the values with the arguments provided. The question is, how do we identify these images during the build pipeline if we use this mechanism.

Comment 3 Adam Litke 2022-01-18 12:37:08 UTC
Alexander, can you provide an update on this bug? It's getting pretty late in the game and I am sure we will need some time to resolve this before the 4.10 release.

Comment 4 Alexander Wels 2022-01-18 13:07:22 UTC
So basically little to no progress, having a meeting on Wednesday to discuss with the cpaas team what we can do in the short term and long term. I reached out to the OCS team but they haven't responded.

Comment 5 Simone Tiraboschi 2022-01-27 14:36:55 UTC
in ... we have:

                - name: OPERATOR_IMAGE
                  value: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:7a1d1c8818393e0425c63c77da6c5221c28369e1e55a4c42d2830aac53c12125
                - name: PROVISIONER_IMAGE
                  value: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8@sha256:705c40f84f8b2f33db1ec32e60043a79950cba5c362fa2706bdcb5ed043ed213
                - name: CSI_PROVISIONER_IMAGE
                  value: registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8@sha256:17c145818f4927e390531e077b7b21e47ffdc2e4b01ca035e68280db50f7b3b9
                - name: NODE_DRIVER_REG_IMAGE
                  value: registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:ea9ccb4f3e7b7c7b4403342b4408a7b166172c979aac49abeae73a0a3fe37421
                - name: LIVENESS_PROBE_IMAGE
                  value: registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:582d67667d31abc1574c5fc620818bfa0af309d01ba8588828c9822ad3e593e3
                - name: CSI_SNAPSHOT_IMAGE
                  value: registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:6d9dcdfb0f37377c2f137f158b35fb2522bd5f1ab7089f867eda1e88bca19fb9
                - name: CSI_SIG_STORAGE_PROVISIONER_IMAGE
                  value: registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:4493269794089f70788f0c1a03f63211c98d768a9f33d20358b72a1223df597e
...
  - image: registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:4493269794089f70788f0c1a03f63211c98d768a9f33d20358b72a1223df597e
    name: registry.redhat.io/openshift4/ose-csi-external-provisioner:v4.9
  - image: registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:6d9dcdfb0f37377c2f137f158b35fb2522bd5f1ab7089f867eda1e88bca19fb9
    name: registry.redhat.io/openshift4/ose-csi-external-snapshotter:v4.9
  - image: registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:582d67667d31abc1574c5fc620818bfa0af309d01ba8588828c9822ad3e593e3
    name: registry.redhat.io/openshift4/ose-csi-livenessprobe:v4.9
  - image: registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:ea9ccb4f3e7b7c7b4403342b4408a7b166172c979aac49abeae73a0a3fe37421
    name: registry.redhat.io/openshift4/ose-csi-node-driver-registrar:v4.9

We are currently referencing the most up-to-date images available in production, so currently `v4.9`, even if we are building for CNV v4.10.0.
We will start consuming OCP 4.10 CSI sidecar images only when it is officially released.

Comment 6 Kevin Alon Goldblatt 2022-01-31 13:03:34 UTC
Verified with the following code:
-----------------------------------------
oc version
Client Version: 4.10.0-202201270049.p0.g900705d.assembly.stream-900705d
Server Version: 4.10.0-fc.2
Kubernetes Version: v1.23.0+60f5a1c
[cnv-qe-jenkins@stg10-kevin-n8n4x-executor ~]$  oc get csv --all-namespaces
NAMESPACE                              NAME                                        DISPLAY                       VERSION              REPLACES                                  PHASE
openshift-cnv                          kubevirt-hyperconverged-operator.v4.10.0    OpenShift Virtualization      4.10.0               kubevirt-hyperconverged-operator.v4.9.0   Succeeded
openshift-local-storage                local-storage-operator.4.9.0-202112142229   Local Storage                 4.9.0-202112142229                                             Succeeded
openshift-operator-lifecycle-manager   packageserver                               Package Server                0.19.0                                                         Succeeded
openshift-storage                      mcg-operator.v4.10.0                        NooBaa Operator               4.10.0                                                         Succeeded
openshift-storage                      ocs-operator.v4.10.0                        OpenShift Container Storage   4.10.0                                                         Succeeded
openshift-storage                      odf-operator.v4.10.0                        OpenShift Data Foundation     4.10.0                                                         Succeeded



Verified with the following scenario:
-----------------------------------------
I deployed the latest 4.10 d/s and this is the output from:
oc describe pod hostpath-provisioner-operator-87cbb48f5-8fjml -n openshift-cnv


      OPERATOR_NAME:                      hostpath-provisioner-operator
      OPERATOR_IMAGE:                     registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:7a1d1c8818393e0425c63c77da6c5221c28369e1e55a4c42d2830aac53c12125
      PROVISIONER_IMAGE:                  registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8@sha256:705c40f84f8b2f33db1ec32e60043a79950cba5c362fa2706bdcb5ed043ed213
      CSI_PROVISIONER_IMAGE:              registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8@sha256:17c145818f4927e390531e077b7b21e47ffdc2e4b01ca035e68280db50f7b3b9
      NODE_DRIVER_REG_IMAGE:              registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:ea9ccb4f3e7b7c7b4403342b4408a7b166172c979aac49abeae73a0a3fe37421
      LIVENESS_PROBE_IMAGE:               registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:582d67667d31abc1574c5fc620818bfa0af309d01ba8588828c9822ad3e593e3
      CSI_SNAPSHOT_IMAGE:                 registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:6d9dcdfb0f37377c2f137f158b35fb2522bd5f1ab7089f867eda1e88bca19fb9
      CSI_SIG_STORAGE_PROVISIONER_IMAGE:  registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:4493269794089f70788f0c1a03f63211c98d768a9f33d20358b72a1223df597e


Moving to VERIFIED!

Comment 11 errata-xmlrpc 2022-03-16 15:57:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0947

